mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-27 12:15:33 +00:00
2f189264b9
Currently, many tasks fetch content from the Internets. A problem with that is fetching from the Internets is unreliable: servers may have outages or be slow; content may disappear or change out from under us. The unreliability of 3rd party services poses a risk to Firefox CI. If services aren't available, we could potentially not run some CI tasks. In the worst case, we might not be able to release Firefox. That would be bad. In fact, as I write this, gmplib.org has been unavailable for ~24 hours and Firefox CI is unable to retrieve the GMP source code. As a result, building GCC toolchains is failing. A solution to this is to make tasks more hermetic by depending on fewer network services (which by definition aren't reliable over time and therefore introduce instability). This commit attempts to mitigate some external service dependencies by introducing the *fetch* task kind. The primary goal of the *fetch* kind is to obtain remote content and re-expose it as a task artifact. By making external content available as a cached task artifact, we allow dependent tasks to consume this content without touching the service originally providing that content, thus eliminating a run-time dependency and making tasks more hermetic and reproducible over time. We introduce a single "fetch-url" "using" flavor to define tasks that fetch single URLs and then re-expose that URL as an artifact. Powering this is a new, minimal "fetch" Docker image that contains a "fetch-content" Python script that does the work for us. We have added tasks to fetch source archives used to build the GCC toolchains. Fetching remote content and re-exposing it as an artifact is not very useful by itself: the value is in having tasks use those artifacts. We introduce a taskgraph transform that allows tasks to define an array of "fetches." Each entry corresponds to the name of a "fetch" task kind. When present, the corresponding "fetch" task is added as a dependency. And the task ID and artifact path from that "fetch" task is added to the MOZ_FETCHES environment variable of the task depending on it. Our "fetch-content" script has a "task-artifacts" sub-command that tasks can execute to perform retrieval of all artifacts listed in MOZ_FETCHES. To prove all of this works, the code for fetching dependencies when building GCC toolchains has been updated to use `fetch-content`. The now-unused legacy code has been deleted. This commit improves the reliability and efficiency of GCC toolchain tasks. Dependencies now all come from task artifacts and should always be available in the common case. In addition, `fetch-content` downloads and extracts files concurrently. This makes it faster than the serial application which we were previously using. There are some things I don't like about this commit. First, a new Docker image and Python script for downloading URLs feels a bit heavyweight. The Docker image is definitely overkill as things stand. I can eventually justify it because I want to implement support for fetching and repackaging VCS repositories and for caching Debian packages. These will require more packages than what I'm comfortable installing on the base Debian image, therefore justifying a dedicated image. The `fetch-content static-url` sub-command could definitely be implemented as a shell script. But Python is readily available and is more pleasant to maintain than shell, so I wrote it in Python. `fetch-content task-artifacts` is more advanced and writing it in Python is more justified, IMO. FWIW, the script is Python 3 only, which conveniently gives us access to `concurrent.futures`, which facilitates concurrent download. `fetch-content` also duplicates functionality found elsewhere. generic-worker's task payload supports a "mounts" feature which facilitates downloading remote content, including from a task artifact. However, this feature doesn't exist on docker-worker. So we have to implement downloading inside the task rather than at the worker level. I concede that if all workers had generic-worker's "mounts" feature and supported concurrent download, `fetch-content` wouldn't need to exist. `fetch-content` also duplicates functionality of `mach artifact toolchain`. I probably could have used `mach artifact toolchain` instead of writing `fetch-content task-artifacts`. However, I didn't want to introduce the requirement of a VCS checkout. `mach artifact toolchain` has its origins in providing a feature to the build system. And "fetching artifacts from tasks" is a more generic feature than that. I think it should be implemented as a generic feature and not something that is "toolchain" specific. I think the best place for a generic "fetch content" feature is in the worker, where content can be defined in the task payload. But as explained above, that feature isn't universally available. The next best place is probably run-task. run-task already performs generic, very-early task preparation steps, such as performing a VCS checkout. I would like to fold `fetch-content` into run-task and make it all driven by environment variables. But run-task is currently Python 2 and achieving concurrency would involve a bit of programming (or adding package dependencies). I may very well port run-task to Python 3 and then fold fetch-content into it. Or maybe we leave `fetch-content` as a standalone script. MozReview-Commit-ID: AGuTcwNcNJR --HG-- extra : rebase_source : 4918b8c3bac53d63665006802054038bfbca0314 |
||
|---|---|---|
| .. | ||
| addon | ||
| artifact-build | ||
| balrog | ||
| beetmover | ||
| beetmover-checksums | ||
| beetmover-l10n | ||
| beetmover-repackage | ||
| beetmover-source | ||
| build | ||
| build-signing | ||
| checksums-signing | ||
| diffoscope | ||
| docker-image | ||
| fetch | ||
| google-play-strings | ||
| hazard | ||
| l10n | ||
| nightly-l10n | ||
| nightly-l10n-signing | ||
| packages | ||
| partials | ||
| partials-signing | ||
| post-balrog-dummy | ||
| post-beetmover-checksums-dummy | ||
| post-beetmover-dummy | ||
| post-langpack-dummy | ||
| push-apk | ||
| release-balrog-scheduling | ||
| release-balrog-submit-toplevel | ||
| release-beetmover-push-to-release | ||
| release-beetmover-signed-langpacks | ||
| release-beetmover-source-checksums | ||
| release-binary-transparency | ||
| release-bouncer-aliases | ||
| release-bouncer-check | ||
| release-bouncer-sub | ||
| release-eme-free-repack | ||
| release-eme-free-repack-beetmover | ||
| release-eme-free-repack-repackage | ||
| release-eme-free-repack-repackage-signing | ||
| release-eme-free-repack-signing | ||
| release-final-verify | ||
| release-generate-checksums | ||
| release-generate-checksums-beetmover | ||
| release-generate-checksums-signing | ||
| release-mark-as-shipped | ||
| release-notify-promote | ||
| release-notify-push | ||
| release-notify-ship | ||
| release-partner-repack | ||
| release-partner-repack-beetmover | ||
| release-partner-repack-chunking-dummy | ||
| release-partner-repack-repackage | ||
| release-partner-repack-repackage-signing | ||
| release-partner-repack-signing | ||
| release-secondary-balrog-scheduling | ||
| release-secondary-balrog-submit-toplevel | ||
| release-secondary-final-verify | ||
| release-secondary-notify-ship | ||
| release-secondary-update-verify | ||
| release-secondary-update-verify-config | ||
| release-sign-and-push-langpacks | ||
| release-snap-push | ||
| release-snap-repackage | ||
| release-source | ||
| release-source-checksums-signing | ||
| release-source-signing | ||
| release-update-verify | ||
| release-update-verify-config | ||
| release-version-bump | ||
| repackage | ||
| repackage-l10n | ||
| repackage-signing | ||
| repo-update | ||
| searchfox | ||
| source-test | ||
| spidermonkey | ||
| static-analysis | ||
| static-analysis-autotest | ||
| test | ||
| toolchain | ||
| upload-generated-sources | ||
| upload-symbols | ||
| valgrind | ||
| config.yml | ||